Tom Eastep
2007-Oct-04 15:14 UTC
Re: [Fwd: Re: Shorewall 4.0.4 +Fedora Core 4 64 under Virtuozzo fails to start iptables-restore failed]
Rajiv Dhir wrote:
> As requested by tom
>
> please find enclosed the full log
>
> I opened the file before posting so there should be no corruption this
> time.
>
> Basically I get an iptables-restore failed when trying to start. I
> originally tried with shorewall-perl then moved to shorewall-shell
> after reading a similar thread on shorewall users where tom requested
> the debug output from this.
>
> I'm moderately Unix/Linux experienced, in that if I get a set of
> detailedish instructions I will usually manage. I'm so old fashioned and
> long in the tooth that using "vi" is second nature, but I don't
> necessarily know off the top of my head where things are put in the
> Linux(es) structures.

Rajiv,

It appears that you don't have LOG support. Please try this:

iptables -N foo
iptables -A foo -j LOG

What is the result?

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
Rajiv Dhir
2007-Oct-05 10:18 UTC
Re: [Fwd: Re: Shorewall 4.0.4 +Fedora Core 4 64 under Virtuozzo fails to start iptables-restore failed]
[root@myserver]# iptables -N test
[root@myserver]# iptables -A test -j LOG
iptables: No chain/target/match by that name
I then did a list, but the chain is there! Note - iptables is v1.3.0
[root@myserver]# iptables --list {certain lines deleted for security reasons}
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
VZ_FORWARD all -- anywhere anywhere
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
VZ_INPUT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
VZ_OUTPUT all -- anywhere anywhere
Chain VZ_FORWARD (1 references)
target prot opt source destination
Chain VZ_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- myserver.foo myserver.foo
ACCEPT udp -- myserver.foo myserver.foo
Chain VZ_OUTPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere
ACCEPT tcp -- myserver.foo myserver.foo
ACCEPT udp -- myserver.foo myserver.foo
Chain test (0 references)
target prot opt source destination
Tom Eastep wrote:
> Rajiv Dhir wrote:
>
>> As requested by tom
>>
>> please find enclosed the full log
>>
>> I opened the file before posting so there should be no corruption this
>> time.
>>
>> Basically I get an iptables-restore failed when trying to start. I
>> originally tried with shorewall-perl then moved to shorewall-shell
>> after reading a similar thread on shorewall users where tom requested
>> the debug output from this.
>>
>> I'm moderately Unix/Linux experienced, in that if I get a set of
>> detailedish instructions I will usually manage. I'm so old fashioned and
>> long in the tooth that using "vi" is second nature, but I don't
>> necessarily know off the top of my head where things are put in the
>> Linux(es) structures.
>>
>
> Rajiv,
>
> It appears that you don't have LOG support. Please try this:
>
> iptables -N foo
> iptables -A foo -j LOG
>
> What is the result?
>
> -Tom
>
--
Rajiv Dhir
Director
totem space ltd
Registered in England No. 5325325.
Registered Office Unit C Spectrum Studios, 2 Manor Gardens, London, N7 6ER
Tom Eastep
2007-Oct-05 13:32 UTC
Re: [Fwd: Re: Shorewall 4.0.4 +Fedora Core 4 64 under Virtuozzo fails to start iptables-restore failed]
Rajiv Dhir wrote:
> [root@myserver]# iptables -N test
> [root@myserver]# iptables -A test -j LOG
> iptables: No chain/target/match by that name
>
> I then did a list, but the chain is there! Note - iptables is v1.3.0

The chain is there because the first command succeeded. This proves that your kernel/iptables does not have LOG support.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
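
The two-command test used in this thread, wrapped as a reusable probe that also cleans up its scratch chain. This is an added example, not part of the original thread or of Shorewall; the `IPTABLES` override, the scratch chain name and the function names are assumptions of the example, and it accepts any target name rather than only LOG.

```shell
#!/bin/sh
# Added example: probe iptables target support with the thread's two-step test.
# Assumption: IPTABLES names the binary to run (default "iptables"); run as root.
IPTABLES="${IPTABLES:-iptables}"

# probe_target TARGET
#   0 = a rule jumping to TARGET could be appended (target supported)
#   1 = chain creation worked but the append failed (target missing)
#   2 = scratch chain could not be created, so the result is inconclusive
probe_target() {
    target="$1"
    chain="probe_$$"    # hypothetical scratch chain name, unique per process

    # Step 1: creating an empty user chain needs no target extension.
    if ! "$IPTABLES" -N "$chain" 2>/dev/null; then
        return 2
    fi

    # Step 2: appending the jump only works if the target is available.
    rc=0
    "$IPTABLES" -A "$chain" -j "$target" 2>/dev/null || rc=1

    # Remove the scratch chain so no stray "Chain test (0 references)"
    # entry is left behind as in the listing above.
    "$IPTABLES" -F "$chain" 2>/dev/null || true
    "$IPTABLES" -X "$chain" 2>/dev/null || true
    return "$rc"
}

# describe_probe TARGET...  prints one verdict line per target.
describe_probe() {
    for t in "$@"; do
        result=0
        probe_target "$t" || result=$?
        case "$result" in
            0) echo "$t: supported" ;;
            1) echo "$t: NOT supported (rule append failed)" ;;
            *) echo "$t: inconclusive (could not create scratch chain)" ;;
        esac
    done
}
```

Source the file and call `describe_probe LOG` as root inside the container; result 2 separates "cannot touch the filter table at all" from the missing-target case seen here.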